Merge remote-tracking branch 'origin/main' into 6.key-derivation

README.md

@@ -53,8 +53,18 @@ We want a library that:
   * Mainly armeabi and armv7
 * Is suitable for real-world security purposes
   * not a demo or a toy library
+    * documents its limitations
+  * is well-tested
   * avoids real-world pitfalls (side-channel attacks, etc), not just textbook issues
   * has more than a handful of other users
+  * is well-maintained
+    * developers are responsive to security reports
+    * has a channel for security-related disclosures
+	* has sound documentation for proper, safe usage
+
+And,
+of course,
+implements the required functionality.
 
 ### SHA256
 

make-keypairs/Main.hs

 module Main where
 
-import Codec.Crypto.RSA (generateKeyPair)
-import Crypto.Random (CryptoRandomGen (newGenIO), SystemRandom)
+import qualified Crypto.PubKey.RSA as RSA
 import Data.ASN1.BinaryEncoding (DER (DER))
 import Data.ASN1.Encoding (ASN1Encoding (encodeASN1))
 import Data.ASN1.Types (ASN1Object (toASN1))
 import qualified Data.ByteString.Lazy as LB
+import Data.X509 (PrivKey (PrivKeyRSA))
 
 -- | The size of the keys to generate.
 bits :: Int
@@ -17,11 +17,12 @@ count = 5
 
 main :: IO ()
 main = do
-    g <- newGenIO :: IO SystemRandom
-    mapM_ (genKey g) [0 .. count - 1]
+    mapM_ genKey [0 .. count - 1]
 
-genKey :: (Show a, CryptoRandomGen c) => c -> a -> IO ()
-genKey g n =
-    let (_, priv, _) = generateKeyPair g bits
-        bytes = encodeASN1 DER (toASN1 priv [])
-     in LB.writeFile ("test/data/rsa-privkey-" <> show n <> ".der") bytes
+genKey :: Show a => a -> IO ()
+genKey n = do
+    (_, priv) <- RSA.generate bits e
+    let bytes = encodeASN1 DER (toASN1 (PrivKeyRSA priv) [])
+    LB.writeFile ("test/data/rsa-privkey-" <> show n <> ".der") bytes
+  where
+    e = 0x10001

tahoe-ssk.cabal

@@ -149,3 +149,4 @@ executable make-keypairs
     , base
     , bytestring
     , cryptonite
+    , x509